Firewall Wizards mailing list archives

RE: Outlook Web Access - Paranoid?


From: "Paul D. Robertson" <proberts () patriot net>
Date: Thu, 28 Nov 2002 20:12:01 -0500 (EST)

On Thu, 28 Nov 2002, Christopher Lee wrote:

> While the number of RPC ports one must open to allow OWA (or any MS DCOM apps)
> to work is insane, that doesn't mean you have to open them manually.  Check Point
> firewall (for example) has the smarts to be able to open them dynamically as
> needed.  This way, unless the intruder is able to forge the same DCOM/RPC
> communications, the exposure is not all that bad...

While you stop random acts of senseless scanning, the point here is that 
there's likely to be an attack vector *through* the OWA box- any in-band 
attack against either IIS or OWA gets the firewall happily opening the 
ports dynamically- the end result is still a compromised server allowing 
access to your domain infrastructure.

This would be a bad thing in most cases- it's a worse thing when you have 
historically broken services which don't appear to have been engineered to 
live in hostile environments.

"When an attacker can compromise your mail server, then access your domain 
controller, that's one degree of separation?"

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
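The "degrees of separation" point above is a reachability question: once the OWA front-end is assumed compromised, which hosts do the firewall rules (including the RPC pinholes a stateful firewall opens on demand) let it reach? The following is an added example, not code from the post or from any firewall vendor; the zone names and rule set are constructed and hypothetical, and "rpc-dynamic" stands for the endpoint-mapper-driven pinholes the discussion describes.

```python
"""Attack-path model for a DMZ mail front-end (constructed example).

Each rule is (src_zone, dst_zone, service). The model treats a permitted
flow as an edge an attacker could traverse after compromising src_zone,
and computes how many hops separate the Internet from the domain
controller. Zone names and rules are hypothetical.
"""
from collections import deque

# Constructed rule set. "rpc-dynamic" models the endpoint-mapper pinholes
# a stateful firewall opens dynamically, which an in-band compromise of
# the OWA box can use exactly as the legitimate service would.
RULES = [
    ("internet", "owa-frontend", "https"),
    ("owa-frontend", "exchange", "rpc-dynamic"),
    ("owa-frontend", "domain-controller", "rpc-dynamic"),
    ("exchange", "domain-controller", "rpc-dynamic"),
    ("admin-lan", "domain-controller", "rdp"),
]


def build_graph(rules):
    """Adjacency list: src_zone -> [(dst_zone, service), ...]."""
    graph = {}
    for src, dst, svc in rules:
        graph.setdefault(src, []).append((dst, svc))
    return graph


def exposure(rules, start):
    """Breadth-first walk from an assumed-compromised zone.

    Returns {zone: hops}; hops == 1 is one degree of separation.
    """
    graph = build_graph(rules)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for dst, _svc in graph.get(node, []):
            if dst not in hops:
                hops[dst] = hops[node] + 1
                queue.append(dst)
    return hops


def degrees_of_separation(rules, start, target):
    """Minimum hops from start to target, or None if unreachable."""
    return exposure(rules, start).get(target)


def attack_paths(rules, start, target):
    """All simple paths start -> target, each as a list of (src, svc, dst)."""
    graph = build_graph(rules)
    paths = []

    def walk(node, path, seen):
        if node == target:
            paths.append(path)
            return
        for dst, svc in graph.get(node, []):
            if dst not in seen:
                walk(dst, path + [(node, svc, dst)], seen | {dst})

    walk(start, [], {start})
    return paths


if __name__ == "__main__":
    print("hops from internet:", exposure(RULES, "internet"))
    for p in attack_paths(RULES, "internet", "domain-controller"):
        print(" -> ".join(f"{s}[{svc}]" for s, svc, _ in p) + " -> domain-controller")
    # Dropping the direct OWA -> DC pinhole adds a hop but does not remove the path.
    hardened = [r for r in RULES if r != ("owa-frontend", "domain-controller", "rpc-dynamic")]
    print("hardened:", degrees_of_separation(hardened, "internet", "domain-controller"))
```

Running it against the constructed rules shows the domain controller two hops from the Internet via the OWA box; removing the direct OWA-to-DC rule only lengthens the path to three hops through the Exchange server, which is the post's point: dynamic pinholes change who can open the ports, not whether a compromised front-end can reach the domain.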

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
